From: Sami Halabi
To: "Paul A. Procacci"
Cc: freebsd-ipfw, freebsd-net@freebsd.org
Date: Sun, 30 Jun 2013 08:15:57 +0300
Subject: Re: DNAT in freebsd

Any buyers? :)
I need your kind help on this...

Sami

On 29 Jun 2013 09:50, "Sami Halabi" wrote:

> I think I was misunderstood...
> Here is the situation I want to handle:
> My box is a router that handles several /24 behind.
> One of my links (em0) is connected to a private network 192.168.0.1 is me,
> my neighbour is 192.168.0.2.
> I want to make that any connection comes to 192.168.0.1 to go to ip
> 193.xxx.yyy.2 using specific public ip 84.xx.yy.1
> And packets coming to my public 84.xx.yy.1 ip to be translated as came
> from 192.168.0.1 and sent to 192.168.0.2/or any other ips
> behind(192.168.1.xx/24).
>
> Hope that makes it clearer, and I appreciate any help.
>
> Sami
> On 29 Jun 2013 03:30, "Paul A. Procacci" wrote:
>
>> > Hi, (sorry for sending again, the last email was with wrong subject)
>> > I would like to perform a full dnat/snat as in iptables in:
>> > linux-ip.net/html/nat-dnat.html
>> > How it can be done in fbsd, I use ipfw.
>> >
>> > I seeked natd man page but its translation, and the proxy_rule is for
>> > specific port, not a whole transparency.
>> >
>>
>> Using in-kernel nat is probably a better choice IMHO.
>>
>> read `man ipfw(8)`
>>
>> The section labeled EXAMPLES has exactly what you need.
>> Here is a snippet from the manpage to get you started:
>>
>> -------------------------------
>>
>> Then to configure nat instance 123 to alias all the outgoing traffic with
>> ip 192.168.0.123, blocking all incoming connections, trying to keep same
>> ports on both sides, clearing aliasing table on address change and
>> keeping a log of traffic/link statistics:
>>
>>     ipfw nat 123 config ip 192.168.0.123 log deny_in reset same_ports
>>
>>     ipfw nat 123 config redirect_addr 10.0.0.1 10.0.0.66
>>                         redirect_port tcp 192.168.0.1:80 500
>>                         redirect_proto udp 192.168.1.43 192.168.1.1
>>                         redirect_addr 192.168.0.10,192.168.0.11
>>                                     10.0.0.100 # LSNAT
>>                         redirect_port tcp 192.168.0.1:80,192.168.0.10:22
>>                                     500 # LSNAT
>>
>> -------------------------------
>>
>> ~Paul
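
Added example, not part of the thread or of the manpage: the quoted excerpt configures a nat instance but does not show the rule that hands packets to it. The script below prints, without running them, the commands for one reading of the request (one-to-one static NAT via `redirect_addr`). The interface `em1`, rule number 1000, the function names and the addresses are assumed sample values.

```shell
#!/bin/sh
# Added example (not from the thread): print the ipfw commands for one-to-one
# static NAT between a public and an inside address. Nothing is executed.

# is_ipv4 ADDR: succeed only for a dotted quad, octets 0..255, no leading zeros.
is_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}; count=$((count + 1))
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# nat_cmds INSTANCE RULE_NO EXT_IF PUBLIC_IP INSIDE_IP: validate, then print.
nat_cmds() {
    [ "$#" -eq 5 ] || { echo "usage: nat_cmds INSTANCE RULE_NO EXT_IF PUBLIC_IP INSIDE_IP" >&2; return 2; }
    for n in "$1" "$2"; do
        case "$n" in ""|*[!0-9]*) echo "not a number: $n" >&2; return 2 ;; esac
    done
    case "$3" in ""|*[!A-Za-z0-9_.]*) echo "bad interface name: $3" >&2; return 2 ;; esac
    for a in "$4" "$5"; do
        is_ipv4 "$a" || { echo "bad IPv4 address: $a" >&2; return 2; }
    done
    [ "$4" != "$5" ] || { echo "public and inside address are identical" >&2; return 2; }
    # one_pass=0 sends packets on to the following rules after (de)aliasing,
    # so the ruleset must explicitly allow the translated traffic afterwards.
    echo "sysctl net.inet.ip.fw.one_pass=0"
    # redirect_addr INSIDE PUBLIC: inbound traffic for PUBLIC goes to INSIDE and
    # traffic from INSIDE leaves as PUBLIC. deny_in is left out on purpose,
    # since inbound connections are wanted here.
    echo "ipfw nat $1 config ip $4 log same_ports reset redirect_addr $5 $4"
    # Hand everything crossing the external interface to the nat instance.
    echo "ipfw add $2 nat $1 ip from any to any via $3"
}

# Dry run; the defaults are constructed sample values (em1 is a hypothetical
# external interface, 203.0.113.1 a documentation address).
[ "$#" -eq 5 ] || set -- 123 1000 em1 203.0.113.1 192.168.0.2
nat_cmds "$@"
```

Review the printed commands before piping them to `sh` on the router; masked addresses such as `84.xx.yy.1` are rejected by the validation rather than passed to ipfw.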